BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Camtruder - Advanced RTSP Camera Discovery and Vulnerability Assessment Tool
- Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit
- PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
- Text4Shell-Exploit - A Custom Python-based Proof-Of-Concept (PoC) Exploit Targeting Text4Shell (CVE-2022-42889), A Critical Remote Code Execution Vulnerability In Apache Commons Text Versions < 1.10
- Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)
- Bytesrevealer - Online Reverse Enginerring Viewer
- CentralizedFirewall - Provides A Firewall Manager API Designed To Centralize And Streamline The Management Of Firewall Configurations
- Maryam - Open-source Intelligence(OSINT) Framework
- TruffleHog Explorer - A User-Friendly Web-Based Tool To Visualize And Analyze Data Extracted Using TruffleHog
- PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data
Exploit DB
- [local] Microsoft Windows 11 - Kernel Privilege Escalation
- [local] tar-fs 3.0.0 - Arbitrary File Write/Overwrite
- [remote] code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)
- [remote] OpenSSH server (sshd) 9.8p1 - Race Condition
- [local] Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
- [webapps] WordPress Core 6.2 - Directory Traversal
- [remote] WonderCMS 3.4.2 - Remote Code Execution (RCE)
- [remote] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution
- [webapps] FoxCMS 1.2.5 - Remote Code Execution (RCE)
- [webapps] Drupal 11.x-dev - Full Path Disclosure
White House reportedly blames auto-suggested iPhone contact for Signal scandal
/in General NewsHow did Atlantic editor-in-chief Jeffrey Goldberg get added to a Signal group chat with Trump administration officials discussing their plans for an airstrike in Yemen? The simplest explanation: National Security Adviser Mike Waltz had Goldberg saved as a contact in his phone and accidentally added him. Indeed, when Waltz first claimed that Goldberg’s phone number […]
Security News | TechCrunch – Read More
Why neglecting AI ethics is such risky business – and how to do AI right
/in General NewsCompanies that combine innovation and trust have a competitive edge. Discover the best practices that ensure ethical, sustainable deployment.
Latest stories for ZDNET in Security – Read More
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
/in General NewsA likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a “conflicted” individual straddling a legitimate career in cybersecurity and pursuing cybercrime.
In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming
The Hacker News – Read More
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
/in General NewsThe North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader.
“These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation
The Hacker News – Read More
NSA Chief Ousted Amid Trump Loyalty Firing Spree
/in General NewsPlus: Another DOGE operative allegedly has a history in the hacking world, and Donald Trump’s national security adviser apparently had way more Signal chats than previously known.
Security Latest – Read More
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
/in General NewsCybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information.
Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered by Socket, disgrasya, contained a
The Hacker News – Read More
Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges
/in General NewsA Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos of staff over the course of a decade, a class-action lawsuit alleges.
The Record from Recorded Future News – Read More
Cisco: Fine-tuned LLMs are now threat multipliers—22x more likely to go rogue
/in General NewsCisco warns LLMs fine-tuned for business are now being weaponized. Guardrails aren’t failing. They’re being engineered around.Read More
Security News | VentureBeat – Read More
CISA Warns: Old DNS Trick ‘Fast Flux’ Is Still Thriving
/in General NewsAn old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?
darkreading – Read More
Gmail Is Not a Secure Way to Send Sensitive Comms: A Friendly Reminder
/in General NewsNew end-to-end Gmail encryption alone isn’t secure enough for an enterprise’s most sensitive and prized data, experts say.
darkreading – Read More